How Jeff Bezos Got Hacked On WhatsApp-And How It Could Happen To You
Last week, The Guardian reported that Mohammed bin Salman, the crown prince of Saudi Arabia, may have been responsible for hacking Amazon CEO Jeff Bezos’s cell phone and extracting information that led to the death of Jamal Khashoggi and the revelations of Bezos’s extramarital affair. The shocking secret is that in order to access all of this information, the billionaire prince simply sent the billionaire CEO a video. When Bezos downloaded the video, he unknowingly downloaded malicious code that then accessed a huge amount of data. Bezos and his team didn’t know about the hack until it was much, much too late.
That begs the question: If the richest man in the world’s phone can be hacked, why can’t yours?
What to Know About Whatsapp and Other OTT Platforms
“There’s still a lot we don’t know about how Bezos’s iPhone was hacked, but it doesn’t appear as if it was the result of a single known weakness in WhatsApp or any other piece of software,” Ross Schulman, Senior Policy Counsel and Senior Policy Technologist at New America’s Open Technology Institute, told Popular Mechanics. “These kinds of vulnerabilities exist in all sorts of pieces of software. Overall, WhatsApp is still a good choice for secure communications.”
Online messaging platforms like WhatsApp are generally more secure than text messaging platforms because they use end-to-end encrypted technology and internet protocols for transferring messages rather than mobile internet connection. They’re highly recommended for general communications as well as the transference of sensitive information—regardless of your net worth. Having safe internet habits like using secure messaging, updating your software, and being careful about what you send and accept makes you safe.
WeChat, for example, is a messaging platform that uses extensible Messaging and Presence Protocol (XMPP) to exchange data between the users. This protocol is decentralized, and as a result, considered secure and flexible. The company also uses SSL/TSL encryption. All of this is intended to ensure that other people aren’t seeing your messages.
But that doesn’t mean a sophisticated individual with an arsenal of cyberweapons couldn’t use an encrypted messaging platform for an attack. Like all things, if the motive is strong enough, there’s a weapon that can accomplish any task.
How Can Someone Hack a Secure Encrypted Protocol?
“It’s important to keep in mind [the Bezos hack] was a very targeted attack, which to date appears to have been carried out by a well-resourced nation-state,” Andrea Little Limbago, Chief Social Scientist at Virtru, told Popular Mechanics. “This means it is very unlikely that this exact same attack vector would happen to the average person.”
Still, Little Limbago says there are key themes we should all be aware of to protect ourselves from less well-funded, but equally malicious attacks. You should know that:
The spyware was embedded in a video format. Most people think phishing attacks (i.e. targeted attacks against a person or company) occur only through email, but this is no longer the case. Be very careful with anything you download from the internet.
There’s an increase in spyware being sent from friends and family, which is increasingly known as stalkerware. Stalkerware is an off-the-shelf product often used in domestic violence situations to monitor one’s spouse. Leading thinkers in the space like Eva Glaperin are helping victims learn when they’re targeted and how to get stalkerware off their phones.
Sometimes, the abuser will send a link in an email that looks like they’re sharing an interesting website, but when clicked, it actually triggers the installation of spyware onto your device without you knowing. Spyware can also be installed out of the box or with someone using your phone pin or computer password to install apps directly onto your device.
Stalkerware apps “track victims’ locations and allow abusers to read their text messages, monitor phone calls, see photos, videos, and web browsing, and much more,” says Little Limbago. “It’s being used all over the world to intimidate, harass, and harm victims, and is a favorite tool for stalkers and abusive spouses or ex-partners.”
In the case of Bezos’s WhatsApp attack, the spyware was linked to the firm NSO Group. “There is a growing marketplace for spyware, and private companies across the globe are stepping up to meet this growing demand,” Little Limbago says. “NSO group is just the most prominent, but the Bezos hack demonstrates the market push for hackers-for-hire.”
How to Tell If You’re a Victim of Stalkerware
Lobbying efforts by the Coalition to Combat Stalkerware have made significant headway in pushing security software companies to alert the victim when stalkerware has corrupted a system. According to Kaspersky, the number of its antivirus users finding stalkerware on their devices rose by 35 percent, from 27,798 people infected in 2018 to 37,532 people infected in 2019. And there’s a growing market of stalkware software from which to choose, including 380 options found in 2019. It’s not NSO group that the average person needs to be worried about—it’s these stalker products that have relatively low levels of sophistication.
“My number one tip for victims is to trust your instincts. If your instincts tell you that your ex or your current partner knows too much about you, it's entirely possible they're monitoring your activities,” Cindy Southworth, executive vice president of the National Network to End Domestic Violence, told Motherboard in 2017.
To check if you’ve been targeted:
Go to your settings or app list and look through the apps that are running in the background. On Mac, press Command+Option+Escape; on Windows, press Ctrl+Alt+Delete. You can also do this easily on your phone, although the exact steps vary by carrier. Do you recognize all of the apps running? If not, delete the suspicious apps immediately.
Check your location sharing settings on apps like Google Maps and Find My Friends. Ensure you’re only sharing your location with people you trust.
Look for an app called “Cydia,” which allows users to install software onto jailbroken devices. If the app shows up, this is a strong clue that someone may have been installing unwanted software onto your device.
If you can’t delete the suspicious app, or there isn’t an app but you still suspect something, try these steps to remove bloatware.
Restore your phone to factory settings. Just remember: Some spyware can’t be eradicated with a simple factory reset. In those cases, you might need to purchase a new phone and recycle yours. And as a reminder, keeping your phone up-to-date also helps defend against security threats, including stalkerware.
If You Don’t Know a Saudi Prince, You’re Probably Safe
“These kinds of attacks often rely on unknown or very new weaknesses in software and can be very expensive to carry out,” Ross Schulman, Senior Policy Counsel and Senior Policy Technologist at New America’s Open Technology Institute, tells Popular Mechanics. “They can also, as in this case, exploit personal relationships. Most people are unlikely to be the target of such an effort. The best thing average users can do to protect themselves is to keep their phone's operating system and apps up to date.”
The Bezos attack wasn’t targeted stalkerware, but instead, a highly coordinated government attack using what was probably a 0day weapon, or a flaw in your operating system that hasn’t yet been patched by the vendor and can be exploited and turned into a powerful weapon. The most powerful of these are remote access 0day tools that don’t require the victim to make any action in order for the vulnerability to be used and access granted to the victim’s device.
“The Bezos incident is a microcosm of how warfare and influence campaigns of the future will be carried out through big, dramatic hacks, like this one, and little, minute, daily hacks,” Eliza Campbell, Associate Director of the Middle East Institute Cyber Program, tells Popular Mechanics. “And we all need to know about and understand both.”
The Growing World of the 0day Market
0day weapons are very expensive and trade for hundreds of thousands to millions of dollars on the commercial and black markets. These tools are often a sophisticated and extremely complicated series of code that utilize multiple vulnerabilities in order to get to the inner core of personal data. They’re most often purchased by governments from some of the most elite hackers in the world—and not just Saudi Arabia. Nearly all governments, have access to and a cache of 0day exploits to use in their espionage programs. The market is big and it's growing.
“Governments are buying and selling 0day intelligence-gathering tools and using them for espionage targets,” Andrea Zapparoli Manzoni, director of Crowdfense, tells Popular Mechanics. “The market for these weapons is growing more each year and current estimates suggest it is worth many billions of dollars.”
These weapons are extremely difficult to spot, and often can only be detected once the victim’s information has been exposed and a forensic analysis has occurred. But given the cost of procuring these devices, they’re not wildly available to the general market, and so they have a very slim chance of being used to target an average consumer.
Will Your WhatsApp Be Hacked?
You should feel comfortable using WhatsApp, as it’s considered very secure by the general security and technology community. However, if you happen to be a billionaire, own a large corporation, or otherwise have influence over our global economy, please be cautious. Like all of us, you should routinely update your phone, practice safe internet practices, and only download items from people you know and trust. As an additional note, if you’re friends with foreign heads of state, it would be wise to use an extra degree of caution—there are human lives and reputations at risk, including your own.
From: Popular Mechanics
This story originally appeared on Esquire.co.uk. Minor edits have been made by the Esquiremag.ph editors.